RE: SMTP Failing

@mark-robustelli Our initial thought was that this was a WAF issue on AWS, but that didn't pan out. The actual fix was to add an "additional property" to the SMTP settings for mail.smtp.localhost with the full host name:

Once we set this we were able to get things working with Resend. No idea if this applies to other SMTP integrations.

We have FusionAuth deployed to AWS (ECS), and everything is set up and working except for email. We're using https://resend.com for SMTP (per recommendations). We're running into an issue where we have all the SMTP settings in place for a tenant, we can verify these settings work when run in our development environment, but when we try and send a test email from the FusionAuth admin UI we get an error:

Unable to send email via JavaMail

Prime Messaging Exception
501 Error: Syntax: HELO hostname

As far as I can tell we should only get that error when the SMTP hostname hasn't been set correctly, but it has been set (we can see it in the UI, and I can find it in the database as well). We've also verified that we can send email through resend using this exact SMTP configuration using swaks (recommended here).

swaks --from '<FROM_EMAIL>' --to '<TO_EMAIL>' --server smtp.resend.com --port 587 --auth plain --tls --auth-user 'resend' --auth-password '<RESEND_API_KEY>'

^ this works perfectly.

I have FusionAuth SMTP debugging enabled, and this is all we see when sending a test email:

DEBUG: Jakarta Mail version 2.1.2
DEBUG: URL jar:file:/usr/local/fusionauth/fusionauth-app/lib/smtp-2.0.2.jar!/META-INF/javamail.providers
DEBUG: successfully loaded resource: jar:file:/usr/local/fusionauth/fusionauth-app/lib/smtp-2.0.2.jar!/META-INF/javamail.providers
DEBUG: Tables of loaded providers
DEBUG: Providers Listed By Class Name: {org.eclipse.angus.mail.smtp.SMTPTransport=jakarta.mail.Provider[TRANSPORT,smtp,org.eclipse.angus.mail.smtp.SMTPTransport,Oracle], org.eclipse.angus.mail.smtp.SMTPSSLTransport=jakarta.mail.Provider[TRANSPORT,smtps,org.eclipse.angus.mail.smtp.SMTPSSLTransport,Oracle]}
DEBUG: Providers Listed By Protocol: {smtp=jakarta.mail.Provider[TRANSPORT,smtp,org.eclipse.angus.mail.smtp.SMTPTransport,Oracle], smtps=jakarta.mail.Provider[TRANSPORT,smtps,org.eclipse.angus.mail.smtp.SMTPSSLTransport,Oracle]}
DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
DEBUG: URL jar:file:/usr/local/fusionauth/fusionauth-app/lib/smtp-2.0.2.jar!/META-INF/javamail.address.map
DEBUG: successfully loaded resource: jar:file:/usr/local/fusionauth/fusionauth-app/lib/smtp-2.0.2.jar!/META-INF/javamail.address.map
DEBUG: setDebug: Jakarta Mail version 2.1.2

For cost reasons (etc.) we may not want to run dedicated OpenSearch instances in all of our deployed environments. I see in the documentation that

The database search engine is appropriate for systems that are not dependent on the FusionAuth APIs, are not expected to have a large number of search results, or are running in an embedded environment.

I get the performance implications. What i'm curious about is

The database search engine is appropriate for systems that are not dependent on the FusionAuth APIs...

Are there API endpoints that don't work without OpenSearch?

I would like to be able to define a webhook in my kickstart.json file specifically for the kickstart.success event. It seems based on what I've read so far this is possible. I have the following kickstart config:

{
  "variables": {
    "apiKey": "2fbf8fbf-32bb-456e-a71e-24830dd82866"
  },
  "apiKeys": [
    {
      "key": "#{apiKey}",
      "description": "Unrestricted API key"
    }
  ],
  "requests": [
    {
      "method": "POST",
      "url": "/api/webhook",
      "body": {
        "webhook": {
          "connectTimeout": 3000,
          "global": true,
          "readTimeout": 3000,
          "description": "Kickstart Sucess Webhook",
          "eventsEnabled": {
            "kickstart.success": true
          },
          "url": "https://webhook.site/bec11612-a727-4ff8-88f1-73d733b5eaca"
        }
      }
    }
  ]
}

When my docker container starts up I do see that the kickstart is executed:

---------------------------------------------------------------------------------------------------------
-------------------------------------------- Kickstarting ? --------------------------------------------
---------------------------------------------------------------------------------------------------------
2024-09-06 07:33:15.036 PM INFO  io.fusionauth.api.service.system.kickstart.KickstartRunner - Summary:
  - Created API key ending in [...2866]
  - Completed [POST] request to [/api/webhook]

However, the hook is never called. (If it is and there's an error I don't see that either).

Note that I have no tenants or applications at this point: just initial the API key (and I confirmed that I can call the API using this key after kickstarting completes).

I have also set the global: true option in the webhook body as the documentation indicates this is required in order for the hook to get called when there're no tenants.

I can also confirm that a curl POST to the webhook URL from within the running FusionAuth container does reach that webhook.site URL.

Am I going about this correctly?